[Samba] Properly extending the AD schema

Rowland penny rpenny at samba.org
Sat Oct 24 12:38:36 UTC 2020


On 24/10/2020 12:36, Péter Bertalan Zoltán via samba wrote:
> Hi,
>
> I’ve been having a lot of trouble extending the schema on our DC. After
> a few failed attempts and a few hours of researching the issue, I
> decided to seek help here.
>
> For context, I am trying to extend the schema to add a custom attribute
> to the Person class that would contain an IMAP login name. It didn’t
> seem reasonable to use any of the existing attributes of this class for
> this purpose without resorting to something like deciding to use an
> arbitrary, unused attribute (such as Comment or Description) to store
> this information, which didn’t really sound like a nice solution.
>
I take it your imap login is probably something like fred@example.org,
if so, what is wrong with using the 'otherMailbox' attribute ?

You used:

ldbadd -H /var/lib/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=MYCOMPANY,DC=COM.ldb mycompanyTestClassAAAB.ldif --option="dsdb:schema update allowed"=true

Twice, unless it was a typo.

Where on the wikipage does it say to use that format ?

It should be in this format:

ldbadd -H /var/lib/samba/private/sam.ldb mycompanyTestClassAAAB.ldif --option="dsdb:schema update allowed"=true

Add the attribute(s) first, then the class(es)

Never, not ever, attempt to modify the *.ldb files in the sam.ldb.d
directory directly, use 'sam.ldb', that is what it is for.

Rowland
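
As an added example that is not part of Rowland's message or of Samba itself: a shell wrapper that applies both rules from the reply above (target only sam.ldb, never a file under sam.ldb.d, and add attributes before classes). The function names, the DNs and the abbreviated sample LDIF are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample LDIF
# below are hypothetical; the sample records are constructed and abbreviated.

# Accept only the top-level sam.ldb; refuse partition files under sam.ldb.d.
check_db_path() {
    case "$1" in
        */sam.ldb.d/*) echo "refusing partition file: $1" >&2; return 1 ;;
        sam.ldb|*/sam.ldb) return 0 ;;
        *) echo "not a sam.ldb path: $1" >&2; return 1 ;;
    esac
}

# Reorder blank-line-separated LDIF records: attributeSchema entries first,
# then classSchema entries, then anything else, keeping relative order.
order_schema_ldif() {
    awk 'BEGIN { RS = ""; ORS = "\n\n" }
         { rec = tolower($0) }
         rec ~ /objectclass: *attributeschema/ { a[++na] = $0; next }
         rec ~ /objectclass: *classschema/     { c[++nc] = $0; next }
         { o[++no] = $0 }
         END {
             for (i = 1; i <= na; i++) print a[i]
             for (i = 1; i <= nc; i++) print c[i]
             for (i = 1; i <= no; i++) print o[i]
         }' "$1"
}

# Check the target, order the LDIF, then run ldbadd in the format from the reply.
schema_ldbadd() {
    db=$1; ldif=$2
    check_db_path "$db" || return 1
    ordered=$(mktemp) || return 1
    order_schema_ldif "$ldif" > "$ordered"
    rc=0
    ldbadd -H "$db" "$ordered" --option="dsdb:schema update allowed"=true || rc=$?
    rm -f "$ordered"; return $rc
}

# Constructed sample: the class is listed before the attribute it depends on.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: CN=exampleTestClass,CN=Schema,CN=Configuration,DC=mycompany,DC=com
objectClass: classSchema

dn: CN=exampleImapLogin,CN=Schema,CN=Configuration,DC=mycompany,DC=com
objectClass: attributeSchema
EOF
}
```

The ordering step matches on the objectClass line only, so folded or base64-encoded objectClass values are not recognised and fall through to the "anything else" group.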




